Problem solve Get help with specific problems with your technologies, process and projects.

PCI DSS lessons learned from Global Payments data breach

Expert Nick Lewis discusses the Global Payments data breach, focusing on lessons to be learned for PCI DSS-compliant enterprises.

Can you tell me what went wrong in the Global Payments breach? Any lessons for other enterprises that fall under...


Ask the expert!

Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)

Brian Krebs, who chronicled the Global Payments data breach on his blog, reported the breach of the payment card processing firm went as far back as January 2011 and may have included more than 10 million card numbers. Global Payments issued a press release stating 1.5 million card numbers may have been exposed.

There have been few technical details released by any of the reports as to the source of the breach. Global Payments stated that it believes the incident has been contained. Krebs reported that Global Payments was compromised by attackers in 2011, though it switched to a different hosting company in 2012, when the attackers bypassed the end-to-end encryption Global Payments employed.  The attackers stated they were able to bypass the encryption by gaining full access to the systems where card numbers were decrypted. The attackers also stated they went back every month to retrieve the captured data.

Global Payments could have moved hosting companies in an effort to eradicate the attackers from its network, but this seems unlikely unless Global Payments rebuilt all of its systems in use, reset all passwords, and re-secured all of its systems. Changing the hosting provider and potentially changing the IPs in use, but not performing the other actions, makes it difficult to prevent attackers from reentering its systems or maintaining an existing data exfiltration effort. Other enterprises that must comply with PCI DSS will only learns lessons from this data breach when Global Payments releases more details, but no new technical details have been released as of September, 2012. Many of the actions by the attacker could have been detected by careful review of logs or instrumentation of Global Payments' network security monitoring.

This was last published in August 2012

Dig Deeper on Data security breaches

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.